
Full Version: Authentication full report
CHAPTER 1
INTRODUCTION

Authentication is the act of establishing or confirming something (or someone) as authentic, that is, the claims made by or about the thing are true. Authenticating an object may mean confirming its prominence, whereas authenticating a person often consists of verifying their identity. Authentication depends upon one or more authentication factors. In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. A blind credential, in contrast, does not establish identity at all, but only a narrow right or status of the user or program.
In a web of trust, "authentication" is a way to ensure users are who they say they are— that the user who attempts to perform functions in a system is in fact the user who is authorized to do so.
Authorization is often thought to be identical to that of authentication; many widely adopted standard security protocols, obligatory regulations, and even statutes are based on this assumption. However, more precise usage describes authentication as the process of verifying a person's identity, while authorization is the process of verifying that a known person has the authority to perform a certain operation. Authentication, therefore, must precede authorization. For example, when you show proper identification to a bank teller, you could be authenticated by the teller, and you would be authorized to access information about your bank accounts. You would not be authorized to access accounts that are not your own.
The authentication factors for humans are generally classified into four cases:
● Something the user is (e.g., fingerprint or retinal pattern, DNA sequence (there are assorted definitions of what is sufficient), voice pattern (again several definitions), signature recognition, unique bio-electric signals produced by the living body, or other biometric identifier)
● Something the user has (e.g., ID card, security token, software token or cell phone)
● Something the user knows (e.g., a password, a pass phrase or a personal identification number (PIN))
● Something the user does (e.g., voice recognition, signature, or gait).
E-Authentication is defined as a web-based service that provides authentication to end users accessing (logging into) an Internet service.
E-Authentication is similar to credit card verification for e-commerce web sites. The verification is done by a dedicated service that receives the input and returns a success or fail indication.
For example, an end user wishes to enter his E-Buy or E-Trade web site. He gets the login web page and is required to enter his user ID and a password or, on more secure sites, his One Time Password. The information is transmitted to the E-Authentication service as a query. If the service returns Success, the end user is permitted into the E-Trade service with his privileges as a user.
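As an added example (not from the report), a minimal version of the e-authentication service just described, written in Python: it checks a salted password hash and an RFC 4226 HOTP one-time password of the kind a password-generating token produces, and returns only success or fail plus the user's privileges. The user record, salt, password and privilege names are constructed for the demo; the OTP seed is the RFC 4226 test-vector key.

```python
import hashlib
import hmac
import struct

SALT = b"constructed-demo-salt"  # constructed; use a per-user random salt in practice


def _pbkdf2(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so the store never holds clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed demo user store; a real service would back this with a database.
USERS = {
    "alice": {
        "pw_hash": _pbkdf2("correct horse battery staple", SALT),
        "otp_secret": b"12345678901234567890",  # RFC 4226 test-vector seed
        "otp_counter": 0,  # next counter value expected from the token
        "privileges": ["view_balance", "place_order"],
    }
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify(user_id: str, password: str, otp: str, window: int = 3):
    """The e-authentication query: returns (success, privileges).

    Both factors are checked before anything is returned, so the caller learns
    only success or fail, never which factor was wrong.
    """
    user = USERS.get(user_id)
    if user is None:
        _pbkdf2(password, SALT)  # take as long as a real check would
        return False, []
    pw_ok = hmac.compare_digest(_pbkdf2(password, SALT), user["pw_hash"])
    # Accept a few counters ahead (user pressed the token without logging in),
    # but never a counter at or below the last accepted one: replay protection.
    matched = None
    for c in range(user["otp_counter"], user["otp_counter"] + window):
        if hmac.compare_digest(hotp(user["otp_secret"], c), otp):
            matched = c
            break
    if not (pw_ok and matched is not None):
        return False, []
    user["otp_counter"] = matched + 1  # consume the code; a replay now fails
    return True, list(user["privileges"])
```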
1.1 Literature Review
The rapid spread of E-Business has necessitated the securing of transactions. Authentication is a fundamental security function. During authentication, credentials presented by an individual are validated and associated with the person's identity.
This binding between credentials and identity is typically done for the purpose of granting (or denying) authorization to perform some restricted operation, like accessing secured files or executing sensitive transactions.
User authentication is commonly defined as the process of identifying an individual, usually based on a username and passwords.
In security systems authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual; it is usually based on a user name and password.
When a traditional business becomes an E-Business, the access paths to corporate data expand, and the need for an overall security methodology increases greatly. A key part of this methodology is authentication. Old authentication methods such as passwords will no longer suffice due to their inherent weakness as well as the growing sophistication of the tools and people attempting unauthorized access. Today, strong user authentication, using at least two methods of identifying an individual, is critical to maintaining control over access to data.
Essentially, strong authentication controls access and provides non-repudiation, that is, conclusive tracing of an action to an individual.
1.2 Need for Strong Authentication
There are three essential reasons why an organization may decide to use strong authentication:
1. The cost associated with unauthorized access to or loss of data is usually the most compelling reason to use strong authentication. Strong authentication should be used in the case of high-risk data, while it may not pay to use strong authentication for low-risk data.
2. A corporation could be held liable for an attack by a hacker. The loss of money and public confidence in this scenario will be great. Use of strong authentication greatly minimizes the risk.
3. The authentication tool should be capable of evolving as technology and threats change. Therefore, when investing in a strong authentication tool it is essential to acquire one that can change as technology advances.
1.3 Authentication Methodologies
1.3.1 Risk Assessment

The implementation of appropriate authentication methodologies should start with an assessment of the risk posed by the institution’s Internet banking systems. The risk should be evaluated in light of the type of customer (e.g., retail or commercial); the customer transactional capabilities (e.g., bill payment, wire transfer, loan origination); the sensitivity of customer information being communicated to both the institution and the customer; the ease of using the communication method; and the volume of transactions. Prior agency guidance has elaborated on this risk-based and “layered” approach to information security.
An effective authentication program should be implemented to ensure that controls and authentication tools are appropriate for all of the financial institution’s Internet-based products and services. Authentication processes should be designed to maximize interoperability and should be consistent with the financial institution’s overall strategy for Internet banking and electronic commerce customer services. The level of authentication used by a financial institution in a particular application should be appropriate to the level of risk in that application.
The method of authentication used in a specific Internet application should be appropriate and reasonable, from a business perspective, in light of the reasonably foreseeable risks in that application. Because the standards for implementing a commercially reasonable system may change over time as technology and other procedures develop, financial institutions and technology service providers should develop an ongoing process to review authentication technology and ensure appropriate changes are implemented.
The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Single-factor authentication tools, including passwords and PINs, have been widely used for a variety of Internet banking and electronic commerce activities, including account inquiry, bill payment, and account aggregation. However, financial institutions should assess the adequacy of such authentication techniques in light of new or changing risks such as phishing, pharming, malware, and the evolving sophistication of compromise techniques. Where risk assessments indicate that the use of single-factor authentication is inadequate, financial institutions should implement multifactor authentication, layered security, or other controls reasonably calculated to mitigate those risks.
The risk assessment process should:
● Identify all transactions and levels of access associated with Internet-based customer products and services;
● Identify and assess the risk mitigation techniques, including authentication methodologies, employed for each transaction type and level of access; and
● Include the ability to gauge the effectiveness of risk mitigation techniques for current and changing risk factors for each transaction type and level of access.
1.3.2 Customer Verification
With the growth in electronic banking and commerce, financial institutions should use reliable methods of originating new customer accounts online. Moreover, customer identity verification during account origination is required and is important in reducing the risk of identity theft, fraudulent account applications, and unenforceable account agreements or transactions. Potentially significant risks arise when a financial institution accepts new customers through the Internet or other electronic channels because of the absence of the physical cues that financial institutions traditionally use to identify persons.
One method to verify a customer’s identity is a physical presentation of a proof of identity credential such as a driver's license. Similarly, to establish the validity of a business and the authority of persons to perform transactions on its behalf, financial institutions typically review articles of incorporation, business credit reports, and board resolutions identifying officers and authorized signers, and other business credentials. However, in an Internet banking environment, reliance on these traditional forms of paper-based verification decreases substantially. Accordingly, financial institutions need to use reliable alternative methods.
1.3.3 Types of Authentication
Generally there are two types of Authentication Techniques.
1. Hardware Based Authentication.
2. Non-Hardware Based Authentication.
Whichever authentication tool is chosen depends heavily on the type of service and the channel over which it is delivered, together with a risk assessment that the financial institution must carry out in order to ensure that the perceived risks are adequately mitigated. An effective authentication program should be implemented on an enterprise-wide basis and across all service channels, for example Internet, telephone and call-centre services, to ensure that controls and authentication tools are adequate. Authentication processes should be designed to maximize interoperability and should be consistent with the financial institution's overall strategy for electronic banking and e-commerce customer services.
1.3.3.1 Hardware based Authentication tools.
Hardware based authentication can be done by using one of the following:
1. Tokens
Tokens are physical devices (something the person has) and may be part of a multifactor authentication scheme. There are three types of tokens: the USB token device, the smart card, and the password-generating token.
a) USB Token Device
The USB token device is typically the size of a house key. It plugs directly into a computer’s USB port and therefore does not require the installation of any special hardware on the user’s computer. Once the USB token is recognized, the customer is prompted to enter his or her password (the second authenticating factor) in order to gain access to the computer system.
USB tokens are one-piece, injection-molded devices. USB tokens are hard to duplicate and are tamper resistant; thus, they are a relatively secure vehicle for storing sensitive data and credentials. The device has the ability to store digital certificates that can be used in a public key infrastructure (PKI) environment.
The USB token is generally considered to be user-friendly. Its small size makes it easy for the user to carry and, as noted above, it plugs into an existing USB port; thus the need for additional hardware is eliminated. By requiring two independent elements for user authentication, this approach significantly decreases the chances of unauthorized information access and fraud. USB tokens are designed to securely store an individual's digital identity (digital ID), specifically their Entrust digital certificates and keys.
These portable tokens plug into a computer's USB port either directly or using a USB extension cable. When users attempt to log in to applications via the desktop, VPN/WLAN or Web portal, they will be prompted to enter their unique PIN. If the entered PIN matches the PIN within the Entrust USB Token, the appropriate digital credentials are passed to the network and access is granted. PINs stored on the token are encrypted for added security.
Advantages of USB Tokens are as follows.
USB Tokens provide strong security:
▪ removing the USB Token will prevent other users from accessing the current secure session.
▪ the token cannot be duplicated.
▪ if stolen, security is not completely compromised because the associated PIN is also required to gain access to the desktop, VPN/WLAN or Web portal. PINs are encrypted by the token itself to increase the level of security.
that is extensible:
▪ storage of a user's digital certificate enables security capabilities beyond just authentication, to include digital signatures and encryption.
reliable:
▪ USB Tokens are durable against normal wear and tear.
▪ the typical lifespan of a token is approximately ten years.
▪ batteries are not required.
and can enable compliance:
▪ USB Tokens can help organizations abide by new security standards and global legislation that mandate the privacy of client/patient/consumer records.
at a lower total cost of ownership:
▪ 'plug and play' capabilities with USB ports minimize helpdesk and training costs.
▪ USB extension cables protect against USB failures due to wear and tear.
Disadvantages of USB Token Devices are as follows.
▪ Requires client-side software which may not be consistently available across platforms.
▪ End user education (to understand the concepts of PKI) may be a degree more difficult when compared to other two-factor authentication mechanisms.
▪ Tokens may not be compatible across platforms (if a user needs to authenticate from multiple platforms, may need multiple tokens).
▪ Having a “new store” for identities might not be as convenient (from an administrative standpoint) as simply providing an extra factor to an existing system.
b) Smart Cards
A smart card is a small, tamperproof computer. The smart card itself contains a CPU and some non-volatile storage. In most cards, some of the storage is tamperproof while the rest is accessible to any application that can talk to the card. This capability makes it possible for the card to keep some secrets, such as the private keys associated with any certificates it holds. The card itself actually performs its own cryptographic operations.
Although smart cards are often compared to hard drives, they’re “secured drives with a brain”—they store and process information. Smart cards are storage devices with the core mechanics to facilitate communication with a reader or coupler. They have file-system configurations and the ability to be partitioned into public and private spaces that can be made available or locked. They also have segregated areas for protected information, such as certificates, e-purses, and entire operating systems. In addition to traditional data storage states, such as read-only and read/write, some vendors are working with sub states best described as “add only” and “update only.”
Smart cards currently come in two forms, contact and contactless.
Contact cards require a reader to facilitate the bidirectional connection. The card must be inserted into a device that touches the contact points on the card, which facilitate communication with the card's chip. Contact cards come in 3-volt and 5-volt models, as do current desktop CPUs. Contact card readers are commonly built into company or vendor-owned buildings and assets, cellular phones, handheld devices, stand-alone devices that connect to a computer desktop's serial or Universal Serial Bus (USB) port, laptop card slots, and keyboards.
Contactless cards use proximity couplers to get information to and from the card's chip. An antenna is wound around the circumference of the card and activated when the card is brought within a specific distance of the coupler. The configuration of the card's antenna and the coupler facilitates connected states from a couple of centimeters to a couple of feet. The bidirectional transmission is encoded and can be encrypted by using a combination of a card vendor's hard-coded chip algorithms; randomly generated session numbers; and the card holder's certificate, secret key, or personal identification number (PIN). The sophistication of the connection can facilitate separate and discrete connections with multiple cards should they be within range of the coupler. Because contactless cards don't require physical contact with a reader, the usability range is expanded tremendously.
Smart cards are a key component of the public key infrastructure (PKI) because smart cards enhance software-only solutions, such as client authentication, logon, and secure email. Smart cards are a point of convergence for public key certificates and associated keys because they:
1) Provide tamper-resistant storage for protecting private keys and other forms of personal information.
2) Isolate security-critical computations, involving authentication, digital signatures, and key exchange from other parts of the system that don’t have a need to know.
3) Enable portability of credentials and other private information between computers at work, at home, or on the road.